[Snortsam-discussion] Extending block for host issue
Rachmat Hidayat Al-Anshar
rachmat_hidayat_02 at yahoo.com
Sat May 3 03:19:49 EDT 2008
Hi all :)
I am trying to deploying snort 2.8.0 (on sensor machine - OpenBSD) with
snortsam (on firewall mechine - TSL). Then, I write a rules contain this
following line:
alert icmp any any -> any any (msg:"test"; sid:100001; fwsam: 1 minutes)
Then from another machine, I try to pinging one of my client machine, with:
ping -t x.x.x.x
Then, from snortsam.log, I got this kind of messages "..Extending block for host
x.x.x.x ..". And snortsam's agent on firewall machine didn't block the ping traffic.
Now, what should I do?
Thanks in advance
Regard
Matt
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.snortsam.net/pipermail/snortsam-discussion/attachments/20080503/89f0fbe2/attachment.html
More information about the Snortsam-discussion
mailing list